An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2019:2280 | |
https://github.com/uriparser/uriparser/blob/uriparser-0.9.0/ChangeLog | Patch Third Party Advisory |
https://github.com/uriparser/uriparser/commit/f76275d4a91b28d687250525d3a0c5509bbd666f | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2018/11/msg00019.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-11-12T15:00:00
Updated: 2019-08-06T16:06:25
Reserved: 2018-11-12T00:00:00
Link: CVE-2018-19199
JSON object: View
NVD Information
Status : Modified
Published: 2018-11-12T15:29:00.287
Modified: 2019-08-06T17:15:33.773
Link: CVE-2018-19199
JSON object: View
Redhat Information
No data.
CWE